NETWORK TRANSACTION SYSTEM
WITH AUTHENTICATION BASED ON EXISTING BANK ACCOUNT 



BACKGROUND OF THE INVENTION 
1. Field of the Invention

The present invention generally relates to network 
transaction systems, and more specifically, to a network 
transaction system applicable to the entire range of 
cyberspace banking services including new account 
application, account balance summary, transaction summary,
fund transfer, and bill payment. The present invention
further relates to a network transaction system applicable
to other industries having a closed network for mutual
communications, such as credit card services.
2. Description of the Related Art

Home banking systems have been developed as new
strategic services in the finance industry, which will
allow a customer to electronically access his/her
individual bank accounts by connecting his/her home
terminal to a central computer of the bank. Customers can
enjoy various online banking services such as transaction
summary review and fund transfer. To receive those
services from the present home banking systems, each
customer must have his/her bank account opened beforehand
through a traditional, or non-electronic, procedure. That
is, a customer should visit the bank and sign up for
opening a bank account, where he/she will be usually
requested to show something to identify that he/she is
really who he/she claims to be. This security process is
called a user authentication procedure, and the customer
has to pass through this gateway every time he/she newly
applies for an account of a different bank.

Some financial institutions are proposing such 
online banking systems that will provide more advanced 
services using open network environment such as Internet. 
Those proposed systems allow their customers to sign up 
for opening a bank account without visiting the bank. 
Instead, customers can use a virtual branch of the bank 
disposed on their personal computer platforms that are 
linked to some bank systems providing online services. 
Such banking systems are called cyberspace banking. 

Since every service is provided online in such
cyberspace banking systems, the user authentication plays
an indispensable role in security management. How to
perform the online user authentication is, therefore, of
greater importance in recent years.

The use of certifying authorities is proposed as a 
solution to the above problem. According to this idea, a 
certifying authority established on a network will issue 
an electronic certificate that vouches for the bearer's 
identity. To get an electronic certificate, users must 
register their personal data to the authority by sending a 
mail message or visiting its registration office. This 
requirement, however, is quite troublesome to the users.
When compared with conventional methods, the proposed
authentication method has no big difference in the initial 
expense in time and effort for the customers to get a 
certificate. 

Also, from the viewpoint of the banks offering 
home banking services, the presence of certifying 
authorities will cause an additional burden on them. They 
might ask the following questions: "Who will take the
initiative in operating the certifying authority?" "Does
each bank separately establish such a certifying body?"
"Or will it be a unified body to be shared by all the
financial institutions involved?" Unfortunately, there
seem to be no clear answers to those questions. In
reality, however, every cyberspace banking system that is 
experimentally running now assumes the use of certifying 
authorities and electronic certificates issued from them 
for user authentication. 

A virtual branch is defined as a terminal platform 
which is virtually set up on each user's personal computer. 
When this concept is realized, the users will be able to 
enjoy a wider range of banking services and business 
transactions than those offered from the present home 
banking systems.

To make this cyberspace banking commercially
operational, it is necessary to solve the troublesomeness
imposed on the users in getting an electronic certificate
and to eliminate the tasks related to certifying
authorities that the banks must deal with. Unless users
can easily open an account in their desired banks, the new
systems will never be accepted by them.

SUMMARY OF THE INVENTION 

Taking the above into consideration, an object of 
the present invention is to provide a network transaction 
system which will allow a user to authenticate himself or 
herself without using certifying authorities and to 
receive various cyberspace banking services from any banks 
as long as they are linked via an inter-bank network. 

To accomplish the above object, according to the 
present invention, there is provided a network transaction 
system in which a customer's terminal station and a
plurality of bank systems are interconnected via networks. 
In such a network banking environment, the customer wishes 
to newly open a bank account in a first bank system, while 
having an existing bank account in a second bank system. 
The first and second bank systems are among the plurality 
of bank systems on the networks.

The network transaction system of the present 
invention comprises the three structural elements: 
customer processing means, first bank processing means, 
and second bank processing means. The customer processing
means, which is disposed at the terminal station, applies
for a new bank account by supplying the first bank with
existing account information descriptive of the existing
bank account owned by the customer in the second bank
system. The first bank processing means, which is disposed
at the first bank system, requests the second bank system
to make a confirmation of the existing bank account, while 
forwarding the existing account information received from 
the customer processing means to the second bank system 
over the networks. The second bank processing means, which 
is disposed at the second bank system, confirms the 
existing bank account upon request from the first bank 
processing means and returns a confirmation response 
message to the first bank processing means to report the 
result of the confirmation of the existing bank account.
The first bank processing means opens the applied new bank 
account based on the confirmation response message from 
the second bank system describing the result of the 
confirmation of the existing bank account. 

The above and other objects, features and 
advantages of the present invention will become apparent 
from the following description when taken in conjunction 
with the accompanying drawings which illustrate preferred 
embodiments of the present invention by way of example. 

BRIEF DESCRIPTION OF THE DRAWINGS 
FIG. 1 is a conceptual view of a network transaction
system according to the present invention;

FIG. 2 is a block diagram showing a typical
configuration of a cyberspace banking system where a
network transaction system according to the present
invention is implemented;

FIG. 3 is a flowchart showing a procedure of
opening a new bank account;

FIG. 4 is a diagram to explain a flow of encrypted
information;

FIG. 5 is a diagram showing an example of a
terminal screen used by a customer when applying for a new
account;

FIG. 6 is a diagram showing an example of a status
inquiry screen to report the result of the new account
application; and

FIG. 7 is a block diagram showing another typical
configuration of a cyberspace banking system where the
network transaction system of the present invention is
implemented.

DESCRIPTION OF THE PREFERRED EMBODIMENT 
An embodiment of the present invention will be 
described below with reference to the accompanying 
drawings. Referring first to FIG. 1, the following 
description will outline the principle of the present 
invention.

FIG. 1 is a conceptual view of a network
transaction system according to the present invention. The
network transaction system of the present invention is
implemented in a network environment where a plurality of
banks 1a, 1b, and so on are interconnected via a
conventional inter-bank network 2. The bank 1a is offering
cyberspace banking services using an open network 3 to
communicate with their potential customers. A terminal
station 5 of a customer 4 is linked to this bank 1a via
the open network 3. The customer 4 wishes to have an
account in the bank 1a, and in this sense, the bank 1a is
referred to as a "target bank."

Meanwhile, the customer 4 owns his/her bank
account in another bank 1b which has been previously
opened. Because this bank 1b will play an important role
in the present invention, cooperating with the target bank
1a as will be described below, the bank 1b is referred to
as a "cooperative bank."

Every bank in this system can be uniquely
identified with a bank identification code. The "target
bank identification code" and "cooperative bank
identification code" refer to the codes of the target bank
1a and cooperative bank 1b, respectively.

The network transaction system of the present
invention comprises customer processing means 6, target
bank processing means 7, and cooperative bank processing
means 8, which are disposed in separate locations. The
customer processing means 6 is placed in a personal
computer, for example, that serves as the terminal station
5. The target bank processing means 7 is located in the
target bank 1a, and the cooperative bank processing means
8 is disposed in the cooperative bank 1b.

Sitting at the terminal station 5, the customer 4
is now attempting to issue an application for an account
of the bank 1a for the first time. The customer 4 is
prompted to enter some personal information necessary for
opening a new account, which information is referred to as
"account application information." This account
application information includes: name, address, desired
password, and so on. The customer 4 enters such
information items to the customer processing means 6 of
the terminal station 5.

The customer 4 is also requested to enter
"existing account information" that describes one of the
bank accounts that the customer 4 currently holds. This
existing account information actually includes:
cooperative bank identification code, account number,
password, and the like. Upon receipt of the account
application information and existing account information,
the customer processing means 6 transmits them all to the
target bank 1a over the open network 3.

In the bank 1a, the target bank processing means 7
receives the account application information and existing
account information transmitted from the customer
processing means 6. The target bank processing means 7
then forwards the received existing account information to
the bank 1b where the customer's bank account resides,
thereby requesting the cooperative bank processing means 8
to make a confirmation of the identity of the customer 4.
This authentication request, or actually an account
confirmation request, is delivered to the bank 1b over the
inter-bank network 2.

The cooperative bank processing means 8 in the
bank 1b receives the existing account information and
compares it with the entries of a registered account
directory 8a stored therein, thereby confirming that the
customer's account is registered as claimed in the
existing account information. The result of this account
confirmation is sent back to the bank 1a via the
inter-bank network 2.

The target bank processing means 7 in the bank 1a
receives this response from the cooperative bank
processing means 8. Based on this response, the target
bank processing means 7 decides whether to create or not
to create an account for the customer 4. When the target
bank processing means 7 decides to allow opening the
customer's account, it sends "new account acknowledgment
information" to the terminal station 5 to notify the
customer 4 of acceptance of his/her application. The
target bank processing means 7 then creates a new bank
account 7a in the bank 1a, using the account application
information that was sent from the terminal station 5 when
the customer 4 issued the application.

In the way described above, the customer 4 can
newly open an account of the bank 1a without visiting a
branch office of the bank 1a, but only by entering
necessary information to his/her terminal station 5. Note
here that the bank 1a used the customer's existing account
in the different bank 1b to authenticate the applicant, or
the customer 4. This method will eliminate the need of
special certifying authorities and simplify the account
opening procedure.

This method originates from the concept that a 
customer who has a valid account in one of the banks on 
the network must have once passed a normal user 
authentication procedure. As long as the validity of 
his/her bank account can be confirmed, there will be no 
need to repeat a like procedure each time a new 
application is issued from the same customer. The bank 
account used for such authentication purposes is not 
restricted to one registered in a specific bank, but can 
be of any banks linked to the target bank 1a via the
inter-bank network 2.

The target bank 1a, of course, can also act as a
cooperative bank if the customer has a valid account in
the bank 1a. In this case, the target bank processing
means 7 will make an account confirmation by itself.
Besides being applicable to new account applications, the
network transaction system of the present invention can be
used in general banking transactions such as online
inquiry of the account balance summary. Those two cases
will be described separately as alternative configurations
of the present invention.

The following description will present an 
embodiment of the present invention in which a cyberspace 
banking system is constructed on an open network such as 
Internet. When trying to open a new account in a certain 
bank, the customer must follow either one of two different 
procedures depending on whether he/she already has an 
account in that bank or not. The following description 
will start with an assumption that the customer currently 
has no account in the target bank. 

FIG. 2 is a block diagram showing a typical
configuration of a cyberspace banking system according to
the present invention. As in FIG. 1, the system shown in
FIG. 2 contains three entities: a terminal station 10, a
target bank system 30, and a cooperative bank system 50.
Via an open network 20 such as Internet, the terminal 
station 10 at the customer's site is linked to the target 
bank system 30 disposed in the bank where the customer 
wishes to open an account. The target bank system 30 is 
further linked to the cooperative bank system 50 via a 
proprietary inter-bank network 40, in which the customer's 
existing bank account is registered. 

The terminal station 10 comprises an input
information processor 11, a secret/public key generator 12,
an encryption unit 13, a decryption unit 14, an
output/storage unit 15, and a log information storage unit
16. The input information processor 11 handles information
entered by the customer through a keyboard and/or other
input devices. The secret/public key generator 12 produces
a customer secret key and a customer public key for
encryption and decryption of communication messages using
a public key cryptosystem. The encryption unit 13 encrypts
the entered information and sends the encrypted message to
the target bank system 30. The decryption unit 14 receives
a response message from the target bank system 30 and
decrypts it so that the output/storage unit 15 will
display, print out, and/or store the information contained
in the message. The log information storage unit 16 stores
operation history records of the terminal station 10.

The target bank system 30 comprises a
secret/public key generator 31, a decryption unit 32, an
encryption unit 33, an account opening decision unit 34,
an account information storage unit 35, and a log
information storage unit 36. The secret/public key
generator 31 produces a target bank secret key and a
target bank public key. The decryption unit 32 decrypts a
request message from the terminal station 10 and a
response message from the cooperative bank system 50. The
encryption unit 33 encrypts a confirmation request message
and sends it to the cooperative bank system 50, as well as
encrypting and transmitting a response message to the
terminal station 10. The account opening decision unit 34
decides whether to accept or to reject a customer's
request for new account, based on the information decoded
by the decryption unit 32. The account information storage
unit 35 stores information regarding the bank accounts.
The log information storage unit 36 records the operation
history in the target bank system 30.
The cooperative bank system 50 comprises a
secret/public key generator 51, a decryption unit 52, an
encryption unit 53, an account information verification
unit 54, an account information storage unit 55, and a log
information storage unit 56. The secret/public key
generator 51 produces a cooperative bank secret key and a
cooperative bank public key. The decryption unit 52
decrypts a confirmation request message from the target
bank system 30. The encryption unit 53 encrypts a response
message addressed to the target bank system 30. The
account information verification unit 54 confirms the
validity of a bank account that the customer claims to own.
The account information storage unit 55 stores directory
information regarding the registered bank accounts. The
log information storage unit 56 stores the operation
history in the cooperative bank system 50.

The above components in the terminal station 10, 
target bank system 30, and cooperative bank system 50 will 
cooperate with each other to perform a secure process to 
open a new account for the customer. Referring now to FIG.
3, the following description will present the entire
process of opening a new bank account.

FIG. 3 is a flowchart showing the account opening
process, which comprises seven steps S1-S7 as follows.

[S1] In the terminal station 10, the input
information processor 11 receives some personal
information from the customer. More specifically, the
customer enters two classes of information as:

(a) Information required for opening a new bank account,
such as his/her name and address, and

(b) Information on his/her existing bank account,
including its account number and password.

The former information (a) is referred to as "account
application information," while the latter information (b)
is referred to as "existing account information" or "user
authentication data." The encryption unit 13 encrypts
those two kinds of data to assemble an account application
message and sends it to the target bank system 30.

[S2] In the target bank system 30, the
decryption unit 32 receives the account application
message from the terminal station 10 and decodes the
message to extract both the account application
information and the user authentication data. The
encryption unit 33 then creates a confirmation request
message from the extracted user authentication data, and
sends it to the cooperative bank system 50.

[S3] In the cooperative bank system 50, the
decryption unit 52 receives the confirmation request
message from the target bank system 30. Decoding that
message, the decryption unit 52 obtains the user
authentication data. The account information verification
unit 54 then searches the directory information stored in
the account information storage unit 55 to confirm the
presence of the customer's bank account as is described in
the user authentication data. The result of this account
confirmation is encrypted by the encryption unit 53 and
sent back to the target bank system 30 as a confirmation
response message.

[S4] In the target bank system 30, the
decryption unit 32 decrypts the received confirmation
response message to know the result of the account
confirmation performed by the cooperative bank system 50.
Based on the confirmation result, the account opening
decision unit 34 determines whether to accept or to reject
the application for the new bank account.

[S5] If the application is acceptable, then the
process advances to step S6. Otherwise, the process skips
the step S6.

[S6] The requested new account is created
according to the account application information
previously received from the terminal station 10, and this
new account is registered to the account information
storage unit 35.

[S7] Upon inquiry from the customer, the final
result of the application is returned to the terminal
station 10. More specifically, the encryption unit 33
encrypts the result status information to create an
application response message. This message is transmitted
to the terminal station 10 in response to the inquiry from
the applicant (i.e., the customer). In the terminal
station 10, the decryption unit 14 decrypts the
application response message to extract the result status
information. The output/storage unit 15 displays the
extracted status information on a terminal screen.

Throughout the above-described process, every
operation performed by the terminal station 10, target
bank system 30, and cooperative bank system 50 is recorded
in their respective log information storage units 16, 36,
and 56.

Referring next to FIG. 4, the following
description will focus on how the information is exchanged
among the terminal station 10, target bank system 30, and
cooperative bank system 50 and how the security of the
information is maintained.

FIG. 4 depicts a flow of encrypted information,
where the RSA public-key encryption algorithm is widely
adopted. In general, public-key cryptosystems use a pair
of encryption/decryption keys, namely, a secret key and a
public key. One of those keys is used to encrypt messages,
which can be decrypted only by using the other key. For
example, FIG. 4 shows that a customer secret key px and a
customer public key ox are assigned to a customer X (i.e.,
the terminal station 10). Similarly, a target bank secret
key py and a target bank public key oy are assigned to a
target bank Y (i.e., the target bank system 30), while a
cooperative bank secret key pz and a cooperative bank
public key oz are assigned to a cooperative bank Z (i.e.,
the cooperative bank system 50).

Assume here that the customer X wishes to open a
new account in the target bank Y. The customer X enters
the following three classes of information to the terminal
station 10.

a0: Name, address, company, target bank
identification code, desired password of the new
account, etc.

b0: Customer public key ox, cooperative bank
identification code, etc.

c0: Cooperative bank identification code, account
number and password of the existing bank account
that is owned by the customer X, etc.

The first information a0 is encrypted by using the
customer secret key px and then by using the target bank
public key oy. The resultant ciphertext data can be
expressed as Foy(Fpx(a0)), where Foy and Fpx are
encryption functions corresponding to the encryption keys
oy and px, respectively. Likewise, the second information
b0 is encrypted by using the target bank public key oy,
which results in a second ciphertext Foy(b0). The third
information c0 is encrypted by using the customer secret
key px and further by using the cooperative bank public
key oz, thereby producing a third ciphertext Foz(Fpx(c0)).
Lastly, the following plaintext d0 is combined with the
above three kinds of ciphertext data.

d0: Code to define the message format, etc.

The above encryption process performed in the terminal
station 10 will finally yield an account application
message 21 which is expressed as

[Foy(Fpx(a0)), Foy(b0), Foz(Fpx(c0)), d0]

This account application message 21 is sent to the target
bank system 30.

The target bank system 30 receives the account
application message 21 and decrypts the encrypted
information contained in the message. This decryption
process is expressed as:

Γpy(Foy(Fpx(a0))) → Fpx(a0)

Γpy(Foy(b0)) → b0

where the character Γ (gamma) is used to represent a
decryption operator such as Γpy for the decryption key py.

The target bank system 30 decrypts again the
ciphertext Fpx(a0) by using the customer public key ox
that is included in the information b0 just decrypted
above. This second decryption yields the plaintext
information a0 as

Γox(Fpx(a0)) → a0

where Γox represents the decryption function corresponding
to the decryption key ox.

The third ciphertext Foz(Fpx(c0)) in the account
application message, which contains the information c0 in
encrypted form, cannot be processed in the target bank
system 30 because it is encrypted with the cooperative
bank public key oz (i.e., the secret key pz is necessary
to decode it). For the time being, the target bank system
30 leaves this Foz(Fpx(c0)) as it is. Although it is not
shown in FIG. 4, the target bank system 30 returns an
acknowledgment message including a reception number to the
terminal station 10, thereby indicating the reception of
the account application message.

The target bank system 30 then composes a
confirmation request message 41 addressed to the
secret/public key generator 51. This message contains the
following information e0 and f0 in addition to the
encrypted information Foz(Fpx(c0)) received from the
terminal station 10.

e0: Target bank identification code, customer public
key and confirmation request number

f0: Code to define the message format

While the latter information f0 is sent as plaintext data,
the former information e0 is encrypted two times by using
the target bank secret key py and the cooperative bank
public key oz, thereby yielding ciphertext data
Foz(Fpy(e0)). The confirmation request message 41 is thus
expressed as follows.

[Foz(Fpx(c0)), Foz(Fpy(e0)), f0]

The cooperative bank system 50 receives this
confirmation request message 41 and decodes the encrypted
part of the message to extract their contents. More
specifically, the cooperative bank system 50 uses the
cooperative bank secret key pz for decryption as:

Γpz(Foz(Fpx(c0))) → Fpx(c0)

Γpz(Foz(Fpy(e0))) → Fpy(e0)

The cooperative bank system 50 then decrypts those
two ciphertext data Fpx(c0) and Fpy(e0) by using the
customer public key ox and target bank public key oy,
respectively, and finally obtains the original plaintext
information e0 and c0.

Γoy(Fpy(e0)) → e0

Γox(Fpx(c0)) → c0

The decrypted information c0 contains the
cooperative bank identification code, account number and
password of the existing bank account that is owned by the
customer X. With this information, the cooperative bank
system 50 confirms whether or not the account number
claimed by the customer X is registered in the account
information storage unit 55 and whether or not the claimed
password coincides with the registered password.

Upon completion of the account confirmation, the
cooperative bank system 50 assembles a confirmation
response message 42 including the following two sets of
information.

g0: Result of the account confirmation, cooperative
bank identification code, and confirmation
request number

h0: Code to define the message format

First, the cooperative bank system 50 encrypts the
information g0 by using the cooperative bank secret key pz,
and then it attaches the information h0 without encryption.
This results in a confirmation response message 42
assembled as follows.

[Fpz(g0), h0]

The confirmation response message 42 is transferred to the
target bank system 30.

After that, the cooperative bank system 50 obtains
a log file, in which the history of events and operations
are recorded, and saves it into the log information
storage unit 56. For security purposes, a password error
counter is prepared for every registered account. In the
case that a customer provided a correct account number but
happened to enter a wrong password by mistake, the
above-described process of account confirmation will detect a
password error and increment the password error counter
for security record.

In the target bank system 30, the confirmation
response message 42 is decrypted by using the cooperative
bank public key oz. As a result, the information g0 is
obtained as

Γoz(Fpz(g0)) → g0

where Γoz represents the decryption function corresponding
to the decryption key oz.

Based on the decrypted information g0, the target
bank system 30 verifies the identity of the sender of the
confirmation response message 42. More specifically, the
target bank system 30 compares the bank identification
code as part of the decrypted information g0 with the
known identification code of the cooperative bank Z. If
the two codes agree with each other, the target bank
system 30 understands that the received message is totally
valid.

Next, the target bank system 30 decides whether to 
accept or reject the application for a new bank account, 
based on the result of the account confirmation. The basis 
of this decision resides in the information gO extracted 
from the confirmation response message 42. Note that the 
confirmation request number contained in the confirmation
request message 41 and that extracted from the 
confirmation response message 42 must be the same number. 
And only when the decrypted information gO shows that the 
cooperative bank system 50 successfully confirmed the 
validity of the bank account claimed by the customer X, 
the target bank system 30 will decide to create a new 
account as requested by the customer X. 

When opening an account for the customer X, the 
target bank system 30 creates a registration record 
concerning the newly opened bank account, which includes 
the name, address, customer public key ox, password for
the new account, and the like. This record is sent to the 
account information storage unit 35 for registration. 



Subsequently, the target bank system 30 assembles
an application response message 22 which conveys the
following information.

i0: Target bank identification code, result status
of the application, reception number, etc.

j0: Code to define the message format

The target bank system 30 encrypts this information i0 by
using the target bank secret key py and customer public
key ox, thereby yielding the ciphertext information
Fox(Fpy(i0)). The target bank system 30 adds the
information j0 as is to the ciphertext information
Fox(Fpy(i0)) and finally obtains the application response
message 22 as follows.

[Fox(Fpy(i0)), j0]

This application response message 22 is sent to the
terminal station 10.

After sending the message, the target bank system 
30 obtains a log file in which the history of events and 
operations are recorded, and saves it into the log 
information storage unit 36. The target bank system 30
then opens the new account for the applicant. 

The terminal station 10 receives the application 
response message 22 and decrypts the encrypted information 
contained in the message. More specifically, the encrypted 
information Fox(Fpy(i0)) is decoded by using the customer
secret key px as:

Fpx(Fox(Fpy(i0))) → Fpy(i0)

Then the information Fpy(i0) is decrypted by using the
target bank public key oy as:

Foy(Fpy(i0)) → i0

Based on this decrypted information i0, the
terminal station 10 verifies the identity of the sender of
the application response message 22. More specifically,
the terminal station 10 compares the bank identification
code as part of the decrypted information i0 with the
known identification code of the target bank Y. If the two
codes agree with each other, the terminal station 10
recognizes that the received message is totally valid and
allows the result information to be displayed on the
terminal screen, printed out upon request, and/or stored
in the terminal station 10. The history of events and
operations during the above-described process is recorded
in a log file. The terminal station 10 saves such a log
file into the log information storage unit 16.

Referring next to FIG. 5, the following 
description will present an example of a terminal screen 
prepared for a customer who wishes to sign up for a new 
bank account.

FIG. 5 illustrates a terminal screen for online 
account application. When a customer connects the terminal 
station 10 to the target bank Y to sign up for a new 
account, the terminal station 10 will first show him/her a 
service menu screen. The user then selects an item titled
"Opening Your New Account" from among the service menu
items. In response to this selection, the terminal station
10 will display a submenu for the selected service menu
item. The customer selects a submenu item titled "New
Account Application," and then an account application
screen 60 of FIG. 6 will appear on the terminal screen to
prompt the customer to fill out an online application form. 

The account application screen 60 has blank data 
fields 61-66 as part of the application form, where the 
user is requested to enter two classes of information; one 
is relevant to his/her new account to be opened and the 
other is relevant to his/her existing bank account. 

The data fields that fall into the former category 
are: an input field 61 for the user's name and date of 
birth; field 62 for address and phone number; field 63 for 
company name and phone number; and field 64 for desired 
password for the new account. The information entered to 
those data fields 61-64 will be subject to encryption by 
using the customer secret key and target bank public key 
before it is transferred to the target bank system 30. 

On the other hand, the remaining data fields 65 
and 66, which fall into the latter category, are prepared 
respectively for account number and password of an 
existing bank account that is owned by the applicant. The 
account number must include the bank identification code 
and branch identification code to allow the account to be 
fully identified. The information entered to those two 
fields will be encrypted by using the customer secret key
and cooperative bank public key when it is sent to the
target bank system 30. 

The application screen 60 further comprises an 
APPLY button 67 and a CANCEL button 68. When all the data
fields 61-66 in the application form are completed, the 
customer will click the APPLY button 67 to initiate a 
transaction for opening a new account. The CANCEL button 
68 is used to cancel the current session of online account 
application. 

Assume that the customer has filled out the form 
in the account application screen 60. A mouse click on the 
APPLY button will submit the entered information to the 
target bank system 30. Upon receipt of this account 
application information, the target bank system 30 returns 
an acknowledgment message including a reception number to 
notify the terminal station 10 of the reception of the 
application submitted. The target bank system 30 then
sends a request message to the cooperative bank system 50
to verify the identity of the applicant. This request
message is, in other words, a user authentication request.
If the user authentication performed by the cooperative
bank system 50 has led to an affirmative decision for the
account application, the target bank system 30 opens the
requested account and saves registration data of the new
account. Here, the terminal station 10 can make an inquiry
about the current status of the application by sending the
reception number that is received as part of the
acknowledgment message. The target bank system 30 returns
the registration data of the account in response to this 
inquiry. The following description will present an example 
screen in such a situation. 
FIG. 6 illustrates a status inquiry screen that
will appear in response to a request for opening a new
account. Recall that the selection of the service menu
item "Opening Your New Account" invokes a corresponding
submenu. In addition to the item "New Account Application"
explained above, this submenu also includes an item titled
"Application Status Inquiry." The customer selects this
submenu item and enters the reception number that he/she
received from the target bank system 30 as part of the
acknowledgment message corresponding to his/her new
account application. Then the terminal station 10 displays
an application status screen 70.

This application status screen 70 contains an
account name field 71 and an account number field 72. The
account number field 72 shows the number of the newly
opened account that is provided by the target bank system 30.

While the above discussion has focused on the
case where a customer applies for an account of a specific
bank for the first time, the following description will
cover some different cases. More specifically, a customer
may apply for another account of the same bank where
his/her old account exists. Once the customer gets such a
cyberspace bank account, he/she will be able to use
various online banking services through the open networks.
The following discussion will also clarify how the present
invention will provide a customer with secure services.

FIG. 7 shows an alternate configuration of a
cyberspace banking system where the network transaction 
system of the present invention is implemented. Because of 
its similarity to the configuration of FIG. 2, like 
reference numerals are assigned to like elements. 

In this cyberspace banking system, a terminal 
station 10 at the customer's site is connected via an open
network 20 to a target bank system 30. The customer
already has an account in the target bank but he/she 
wishes to open another account in the same bank. 

The terminal station 10 comprises an input 
information processor 11, a secret/public key generator 12, 
an encryption unit 13, a decryption unit 14, an 
output/storage unit 15, and a log information storage unit 
16. The input information processor 11 processes
information entered by the customer. The secret/public key
generator 12 produces a customer secret key and a customer
public key. The encryption unit 13 encrypts the entered
information and sends the encrypted message to the target
bank system 30. The decryption unit 14 receives response
messages from the target bank system 30 and decrypts them
to allow the output/storage unit 15 to display, print out,
and/or store the information contained in the messages.
The log information storage unit 16 records the operation
history of the terminal station 10.

The target bank system 30 comprises a
secret/public key generator 31, a decryption unit 32, an
encryption unit 33, an account opening decision unit 34,
an account information storage unit 35, a log information
storage unit 36, an account information verification unit
37, and an account information storage unit 38. The
secret/public key generator 31 creates a target bank
secret key and a target bank public key. The decryption
unit 32 decrypts a request message received from the
terminal station 10. The encryption unit 33 encrypts a
response message and sends it to the terminal station 10.
The account opening decision unit 34 decides whether to
accept or to reject a customer's request for a new account.
The account information storage unit 35 stores information
on the registered bank accounts. The log information
storage unit 36 records the operation history in the
target bank system 30. The account information
verification unit 37 confirms the validity of the bank
account that the customer claims to own. The account
information storage unit 38 stores information regarding
the registered bank accounts.

When applying for a new account, the input
information processor 11 in the terminal station 10
prompts the customer to enter the following three sets of
information.

a1: Name, address, company, target bank
identification code, password choice for the new
account, account number and password of the
existing bank account that is owned by the
customer, etc.

b1: Customer public key ox

d1: Code to define the message format, etc.

The encryption unit 13 encrypts the first information a1
by using the customer secret key px and further by using
the target bank public key oy. The resultant first
ciphertext is expressed as Foy(Fpx(a1)). Likewise, the
encryption unit 13 encrypts the second information b1 by
using the target bank public key oy, thus yielding second
ciphertext data Foy(b1). Lastly, the third information d1
is combined with the above two sets of ciphertext data. As
a result, an account application message 21 is assembled
as

[Foy(Fpx(a1)), Foy(b1), d1].

This account application message 21 is sent to the target
bank system 30.

The target bank system 30 receives the account 
application message 21, and the decryption unit 32 
decrypts the encrypted information contained in the 
message by using the target bank secret key py. This 
decryption process is expressed as

Fpy(Foy(Fpx(a1))) → Fpx(a1),

Fpy(Foy(b1)) → b1.

The decryption unit 32 further decrypts the ciphertext
Fpx(a1) by using the customer public key ox as part of the
decrypted information b1, thereby yielding the plaintext
information a1 as

Fox(Fpx(a1)) → a1.

The decrypted information al contains the account 
number and password of the existing bank account that is 
owned by the customer. This information is sent to the 
account information verification unit 37 for confirmation. 
The account information verification unit 37 confirms that 
the account number claimed by the customer is registered 
in the account information storage unit 38 and that the 
claimed password coincides with the registered password. 
The result of this confirmation is reported to the account 
opening decision unit 34 to decide whether to accept or to 
reject the application for a new bank account. If it
decides to accept the application, the registration data
of the new account is saved into the account information
storage unit 35.

When the target bank system 30 receives an inquiry 
about the application status from the customer, the 
encryption unit 33 assembles an application response 
message based on the result of the existing account 
confirmation. The application response message will convey 
the following information. 

i1: Target bank identification code, result status
of the application, reception number, etc.

j1: Code to define the message format

The encryption unit 33 encrypts this information i1 by
using the target bank secret key py and further by using
the customer public key ox. The encryption unit 33 adds
the information j1 to the ciphertext information
Fox(Fpy(i1)) and finally assembles the application
response message as

[Fox(Fpy(i1)), j1].

This application response message is sent to the terminal
station 10 in reply to the inquiry.

The terminal station 10 receives the application
response message, and the decryption unit 14 decrypts the
encrypted information contained in the message. More
specifically, the encrypted information Fox(Fpy(i1)) is
decoded by using the customer secret key px as

Fpx(Fox(Fpy(i1))) → Fpy(i1).

Further, the decryption unit 14 decrypts the information
Fpy(i1) using the target bank public key oy as

Foy(Fpy(i1)) → i1.

By displaying this decrypted information i1 on the
terminal screen, the output/storage unit 15 reports the
current status of the account application to the customer.

The next description will explain how the customer 
makes transactions with his/her bank account through 
online banking services. 

Transactions are initiated by selecting an item
"Home Banking" from among those listed in the initial
service menu on the screen of the terminal station 10.
Responding to this selection, the input information
processor 11 prompts the customer to enter the following
information a2.

a2: Account number and password of the bank account
that is owned by the customer and the kind of
service requested

The encryption unit 13 encrypts this information
a2 by using the customer secret key px and the target bank
public key oy, thereby obtaining first ciphertext data
Foy(Fpx(a2)). The encryption unit 13 also encrypts the
following information b2 using the target bank public key
oy, and yields second ciphertext data Foy(b2).

b2: Customer public key ox

Lastly, the following plaintext d2 is combined with the
above two kinds of ciphertext data.

d2: Code to define the message format, etc.

The resultant service request message is expressed as

[Foy(Fpx(a2)), Foy(b2), d2],

which service request message is sent to the target bank
system 30.

In the target bank system 30, the decryption unit 
32 decrypts the received service request message. More 
specifically, the decryption unit 32 first uses the target 
bank secret key py for decryption as

Fpy(Foy(Fpx(a2))) → Fpx(a2),

Fpy(Foy(b2)) → b2.

Subsequently, the decryption unit 32 decrypts the
ciphertext Fpx(a2) by using the customer public key ox as

Fox(Fpx(a2)) → a2.

The decrypted information a2 contains the account 
number and password of the existing bank account that is 
owned by the customer, which information is sent to the 
account information verification unit 37 for confirmation. 
The account information verification unit 37 confirms that 
the account number claimed by the customer is registered 
in the account information storage unit 38 and that the 
claimed password coincides with the registered password. 
The result of this confirmation is reported to a service 
processor (not shown in FIG. 7) in the target bank system 
30. The service processor evaluates the confirmation
result, and if the result was affirmative, the service 
processor provides the requested service after parsing the 
contents of the decrypted information a2. The available 
services include account balance summary, transaction 
history, and fund transfer, and the like. The output of 
the service processor is sent to the encryption unit 33. 

Upon receipt of an inquiry of the current status 
of service transaction, the encryption unit 33 assembles a 
response message to be returned to the customer. More 
specifically, the encryption unit 33 prepares the 
following information i2 and j2.

i2: Target bank identification code, result status
of the service request, reception number, etc.

j2: Code to define the message format

The encryption unit 33 encrypts the information i2 by
using the target bank secret key py and customer public
key ox, thereby yielding the ciphertext information
Fox(Fpy(i2)). The encryption unit 33 adds the information
j2 as is to the ciphertext Fox(Fpy(i2)) and finally
obtains a response message expressed as

[Fox(Fpy(i2)), j2],

and this response message is transmitted to the terminal
station 10.

The decryption unit 14 in the terminal station 10
decrypts the encrypted information contained in the
received response message. More specifically, the
encrypted information Fox(Fpy(i2)) is decoded by using the
customer secret key px as

Fpx(Fox(Fpy(i2))) → Fpy(i2),

and this ciphertext information Fpy(i2) is further
decrypted by using the target bank public key oy as

Foy(Fpy(i2)) → i2.

Based on this decrypted information i2, the output/storage
unit 15 displays the result of his/her service request.
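
The two FIG. 7 exchanges described above (the account application with a1/b1/d1 and the service request with a2/b2/d2) share one message shape: [Foy(Fpx(a)), Foy(b), d] answered by [Fox(Fpy(i)), j]. The following Python code is an added example, not part of the patent: textbook RSA with small fixed primes stands in for the unspecified operation F, and the function names, JSON field names, bank code and account record are constructed for illustration.

```python
# Added illustration (not from the patent). Textbook RSA with small fixed primes
# stands in for the unspecified cipher F; it is NOT secure and only serves to
# run nested operations such as Foy(Fpx(a)) end to end.
import json

E = 65537  # public exponent (assumption)


def make_keypair(p, q):
    """Return (public, secret) keys, each an (exponent, modulus) pair."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)


def F(key, data):
    """Apply a key to arbitrary bytes: length-prefix, zero-pad, transform per block.
    Re-blocking lets keys with different moduli be nested in either order."""
    exp, n = key
    k = (n.bit_length() + 7) // 8                      # bytes per output block
    body = len(data).to_bytes(4, "big") + data
    body += b"\x00" * (-len(body) % (k - 1))
    out = b""
    for i in range(0, len(body), k - 1):
        m = int.from_bytes(body[i:i + k - 1], "big")   # always below n
        out += pow(m, exp, n).to_bytes(k, "big")
    return out


def F_inv(key, data):
    """Undo F with the complementary key; ValueError if the result is malformed."""
    exp, n = key
    k = (n.bit_length() + 7) // 8
    if not data or len(data) % k:
        raise ValueError("ciphertext length does not fit this key")
    body = b""
    for i in range(0, len(data), k):
        c = int.from_bytes(data[i:i + k], "big")
        if c >= n:
            raise ValueError("block exceeds modulus")
        m = pow(c, exp, n)
        if m >= 256 ** (k - 1):
            raise ValueError("block out of range: wrong key or altered data")
        body += m.to_bytes(k - 1, "big")
    length = int.from_bytes(body[:4], "big")
    if length > len(body) - 4:
        raise ValueError("bad length prefix")
    return body[4:4 + length]


# Constructed keys: customer X (ox public, px secret), target bank Y (oy, py).
ox, px = make_keypair(2**61 - 1, 2**89 - 1)
oy, py = make_keypair(2**107 - 1, 2**127 - 1)
BANK_Y_CODE = "0001"                           # constructed identification code
ACCOUNTS = {"0001-123-4567890": "s3cret"}      # stand-in for storage unit 38


def terminal_build_request(a):
    """Terminal station 10: assemble [Foy(Fpx(a)), Foy(b), d]."""
    b = json.dumps(ox).encode()                # b: customer public key ox
    return [F(oy, F(px, json.dumps(a).encode())), F(oy, b), "fmt-1"]


def bank_handle_request(msg):
    """Target bank system 30: decrypt, check the existing account, build [Fox(Fpy(i)), j]."""
    c1, c2, _d = msg
    cust_pub = tuple(json.loads(F_inv(py, c2)))            # recover b
    try:
        a = json.loads(F_inv(cust_pub, F_inv(py, c1)))     # recover a
        ok = ACCOUNTS.get(a["existing_account"]) == a["existing_password"]
    except (ValueError, KeyError, TypeError):
        ok = False
    i = {"bank_code": BANK_Y_CODE, "status": "accepted" if ok else "rejected",
         "reception_no": 1}
    return [F(cust_pub, F(py, json.dumps(i).encode())), "fmt-1"]


def terminal_read_response(msg, bank_pub=oy):
    """Terminal station 10: recover i and accept it only if the bank code matches."""
    try:
        i = json.loads(F_inv(bank_pub, F_inv(px, msg[0])))
    except ValueError:
        return None
    ok = isinstance(i, dict) and i.get("bank_code") == BANK_Y_CODE
    return i if ok else None


if __name__ == "__main__":
    request = terminal_build_request({"existing_account": "0001-123-4567890",
                                      "existing_password": "s3cret",
                                      "service": "open_account"})
    print(terminal_read_response(bank_handle_request(request)))
```

Because b is supplied by the customer in the same message, the px layer shows only that the sender holds the secret key matching the enclosed public key; the identity decision rests on the account number and password lookup.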

The above discussion will be summarized as follows. 
In a cyberspace banking system based on an open computer 
network, user authentication is a vital process for 
security. When applying for a new bank account, a customer 
is required to show that he/she is the exact person who 
he/she claims to be. The present invention makes this user 
authentication process much easier, by using the
applicant's existing bank account as a kind of certificate.
Inter-bank financial networks make it possible to verify
the validity of a remote account. When the applicant's
remote account was successfully confirmed, it implies that
the applicant has once passed the authentication process
in that bank. The idea of using the existing inter-bank
networks to confirm the identities of customers will allow
the authentication process to be greatly simplified and
thus enable the customers to fully enjoy the cyberspace
banking services of any banks they desire. The present
invention also eliminates the need of user registration to
certifying authorities, as well as allowing the banks to
be free from operations and management pertaining to such
certifying authorities. This will be of great benefit to
both customers and banks.

The foregoing is considered as illustrative only 
of the principles of the present invention. Further, since 
numerous modifications and changes will readily occur to 
those skilled in the art, it is not desired to limit the
invention to the exact construction and applications shown
and described, and accordingly, all suitable modifications
and equivalents may be regarded as falling within the
scope of the invention in the appended claims and their
equivalents.

WHAT IS CLAIMED IS:



1. A network transaction system in which a
customer's terminal station and a plurality of bank
systems are interconnected via networks, the plurality of
bank systems including a first bank system and a second
bank system, the customer having an existing bank account
in the second bank system and attempting to newly open a
bank account in the first bank system, the network
transaction system comprising:

customer processing means disposed at the terminal
station for applying for a new bank account by supplying
the first bank system with existing account information
descriptive of the existing bank account owned by the
customer in the second bank system;

first bank processing means disposed at the first
bank system for requesting the second bank system to make
a confirmation of the existing bank account while
forwarding the existing account information received from
the customer processing means to the second bank system
over the networks, and for opening the applied new bank
account based on a confirmation response message from the
second bank system describing a result of the confirmation
of the existing bank account; and

second bank processing means disposed at the
second bank system for confirming the existing bank
account upon request from said first bank processing means,
and for returning the confirmation response message to
said first bank processing means to report the result of
the confirmation of the existing bank account.

2. A network transaction system according to
claim 1, wherein said networks include

an open network which interconnects the terminal
station and the first bank, and

an inter-bank network which interconnects the 
plurality of bank systems. 

3. A network transaction system according to
claim 1, wherein

said customer processing means supplies the first
bank with account application information that is
necessary for opening the new bank account, and

said account application information includes at
least the customer's name, address, company, bank
identification code of the first bank, and desired
password for the new bank account.

4. A network transaction system according to
claim 1, wherein the existing account information includes 
at least bank identification code of the second bank 
system, account number of the existing bank account, and 
password of the existing bank account. 



5. A network transaction system according to
claim 1, wherein said customer processing means comprises

(a1) customer key generation means for generating
a customer secret key and a customer public key,

(a2) customer encryption means for assembling an
account application message to be sent to said first bank
processing means by

encrypting account application information
necessary for opening the new bank account by using
the customer secret key and further by using a first
bank public key,

encrypting the customer public key and a
second bank identification code by using the first
bank public key,

encrypting the existing account information by
using the customer secret key and further by using a
second bank public key, and

combining the encrypted account application
information, the encrypted customer public key, the
encrypted second bank identification code, and the
encrypted existing account information, and

(a3) customer decryption means for obtaining new
account acknowledgment information by decrypting an
application response message received from said first bank
processing means by using the customer secret key and
further by using the first bank public key.

6. A network transaction system according to
claim 5, wherein said first bank processing means
comprises

(b1) first bank key generation means for
generating a first bank secret key and the first bank
public key,

(b2) first bank decryption means for

obtaining the customer public key and the second
bank identification code by decrypting the encrypted
customer public key and the encrypted second bank
identification code, as part of the account application
message received from said customer processing means, by
using the first bank public key,

obtaining the account application information by
decrypting the encrypted account application information,
as part of the account application message received from
said customer processing means, by using the first bank
secret key and further by using the obtained customer
public key, and

obtaining the result of the confirmation of the
existing bank account by decrypting the confirmation
response message from the second bank processing means by
using the second bank public key, and

(b3) first bank encryption means for

encrypting confirmation request information by
using the second bank public key, and

assembling a confirmation request message to be
sent to said second bank processing means by combining the
encrypted confirmation request information and the
encrypted existing account information received from the
customer processing means, wherein the confirmation
request information includes a first bank identification
code, the customer public key, and a confirmation request
number.

7. A network transaction system according to
claim 6, wherein said second bank processing means
comprises

(c1) second bank key generation means for
generating a second bank secret key and the second bank
public key,

(c2) second bank decryption means for

obtaining the first bank identification code, the
customer public key, and the confirmation request number
by decrypting the encrypted confirmation request
information by using the second bank secret key and
further by using the first bank public key, and

obtaining the existing account information by
decrypting twice the encrypted existing account
information by using the second bank secret key and
further by using the above-obtained customer public key,
and

(c3) second bank encryption means for encrypting
the result of the confirmation of the existing bank
account, the second bank identification code, and the
confirmation request number by using the second bank
secret key, and thereby assembling the confirmation
response message to be sent to said first bank processing
means.

8. A network transaction system in which a 
customer's terminal station and a bank system are
interconnected via a network, the customer having an 
existing bank account in the bank system and attempting to 
open a new bank account in the same bank system, the 
network transaction system comprising: 

customer processing means disposed at the terminal 
station for applying for a new bank account by supplying 
the bank system with existing account information 
descriptive of the existing bank account owned by the 
customer in the bank system; and 

bank processing means disposed at the bank system 
for making a confirmation of the existing bank account, 
and for opening the applied new bank account based on the 
result of the confirmation of the existing bank account. 

9. A terminal station, linked to a plurality of 
bank systems, for use by a customer who wishes to newly 
open a bank account in a first bank system and has an 
existing bank account in a second bank system, the first 
and second bank systems being among the plurality of bank 
systems, the terminal station comprising

processing means for sending, along with account
application information necessary for opening a bank
account in the first bank system, existing account
information pertaining to the existing bank account owned
by the customer in order to allow the first bank to 
request the second bank to authenticate the customer's 
identity. 

10. The terminal station according to claim 9,
wherein said processing means creates an account
application message to be sent to the first bank system,
the account application message being a combination of
data items obtained by

encrypting the account application information by
using a customer secret key and further by a first bank
public key,

encrypting a customer public key and a second bank
identification code by using the first bank public key,
and

encrypting the existing account information by
using the customer secret key and further by using a
second bank public key.

11. A user authentication method to allow a
customer to use cyberspace banking services via an open
network, which services are provided by a plurality of
banks interconnected via an inter-bank network, the
plurality of bank systems including a first bank and a 
second bank, the customer having an existing bank account 
in the second bank and newly issuing an account 
application for a bank account to the first bank, the user 
authentication method comprising the steps of: 

(a) sending account application information and 
existing account information from the customer to the 
first bank, wherein the account application information is 
information necessary for opening a new bank account in 
the first bank and the existing account information is 
information descriptive of the existing bank account owned 
by the customer in the second bank; 

(b) forwarding the existing account information 
from the first bank to the second bank for requesting the 
second bank system to make a confirmation of the existing 
bank account;

(c) confirming the existing bank account in the
second bank; and 

(d) deciding whether to accept or to reject the 
account application, based on the result of the 
confirmation performed in said step (c) . 

12. A user authentication method to allow a 
customer to use cyberspace banking services via an open 
network, which services are provided by a plurality of 
banks interconnected via an inter-bank network, the
plurality of bank systems including a first bank and a
second bank, the customer having an existing bank account 
in the second bank and newly issuing an account 
application for a bank account in the first bank, the user 
authentication method comprising the steps of: 

(a) being supplied by the customer with first 
information which is obtained by encrypting account 
application information necessary for opening a new bank 
account by using a customer secret key and further by a 
first bank public key; 

(b) being supplied by the customer with second 
information which is obtained by encrypting a customer
public key and a second bank identification code by using 
the first bank public key; 

(c) being supplied by the customer with third 
information which is obtained by encrypting existing 
account information by using the customer secret key and 
further by using a second bank public key, wherein the 
existing account information is descriptive of the 
existing bank account owned by the customer in the second 
bank;

(d) decrypting the second information by using
the first bank secret key to obtain the customer public 
key and the second bank identification code; 

(e) decrypting the first information by using the 
first bank secret key and further by using the decrypted 
customer public key to obtain the account application
information;

(f) encrypting the second bank identification
code, the customer public key, and confirmation request
information by using the second bank public key to obtain
fourth information;

(g) sending the third information and the fourth 
information to the second bank, thereby requesting the 
second bank to authenticate the customer based on the 
existing account information contained in the third 
information;

(h) receiving a response from the second bank 
that reports the result of the authentication; and 

(i) deciding whether to accept or to reject the 
account application from the customer. 

13. A user authentication method to allow a
customer to use cyberspace banking services via an open 
network, which are provided by a bank where the customer 
has an existing bank account, the user authentication 
method comprising the steps of: 

(a) being supplied by the customer with first 
information which is produced by encrypting account 
application information and existing account information 
by using a customer secret key and further by a bank 
public key, wherein the account application information is 
information necessary for opening a new bank account and 
the existing account information is descriptive of the
existing bank account owned by the customer in the bank;

(b) being supplied by the customer with second 
information which is produced by encrypting a customer 
public key by using the bank public key; 

(c) decrypting the second information by using 
the bank secret key, thereby obtaining the customer public 
key; 

(d) decrypting the first information by using the 
bank secret key and further by using the customer public 
key obtained in the step (c), thereby extracting the
account application information and the existing account 
information;

(e) authenticating the customer's identity, based 
on the existing account information extracted in the step 
(d); and

(f) deciding whether to accept or to reject the 
account application from the customer, based on the result 
of the authentication performed in the step (e).

14. A user authentication method to allow a
customer to use cyberspace banking services via an open 
network, which are provided by a bank where the customer 
has an existing bank account, the user authentication 
method comprising the steps of: 

(a) being supplied by the customer with first 
information which is produced by encrypting service 
request information and existing account information by
using a customer secret key and further by a bank public
key, wherein the service request information specifies 
service contents pertaining to the existing bank account 
and the existing account information is descriptive of the 
existing bank account owned by the customer in the bank; 

(b) being supplied by the customer with second 
information which is produced by encrypting a customer 
public key by using the bank public key; 

(c) decrypting the second information by using 
the bank secret key to obtain the customer public key; 

(d) decrypting the first information by using the 
bank secret key and further by using the customer public 
key obtained in the step (c) so as to extract the service 
request information and the existing account information; 

(e) authenticating the customer's identity, based
on the existing account information extracted in the step
(d); and

(f) deciding whether to provide or not the
service contents to the customer, based on the result of
the authentication performed in the step (e).
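
The exchange recited in claims 13 and 14, worked through as an added example that is not part of the patent text. Toy textbook RSA stands in for the cipher, which the claims do not name. The JSON layout, the ACCOUNTS table, the account-number-plus-PIN check and all function names are assumptions.

```python
import json

# Toy textbook RSA: tiny constructed primes, one byte per block, no padding.
# It only makes the order of key operations visible; it is not secure.
def keypair(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (e, n), "sec": (pow(e, -1, phi), n)}

def apply_key(key, blocks):
    exp, n = key
    if any(b >= n for b in blocks):
        raise ValueError("block does not fit under the modulus")
    return [pow(b, exp, n) for b in blocks]

BANK = keypair(89, 97)  # n = 8633; customer moduli must be smaller than this
ACCOUNTS = {"1234567": "4321"}  # constructed records: account number -> PIN

def customer_build(cust, request, existing):
    """Steps (a) and (b): build the first and second information."""
    body = json.dumps({"request": request, "existing": existing}).encode()
    inner = apply_key(cust["sec"], list(body))          # customer secret key
    first = apply_key(BANK["pub"], inner)               # then bank public key
    second = apply_key(BANK["pub"], list(cust["pub"]))  # wraps customer public key
    return first, second

def bank_process(first, second):
    """Steps (c) to (f): returns (accepted, request or rejection reason)."""
    try:
        cust_pub = tuple(apply_key(BANK["sec"], second))            # (c)
        inner = apply_key(BANK["sec"], first)                       # (d)
        body = json.loads(bytes(apply_key(cust_pub, inner)).decode())
        existing, request = body["existing"], body["request"]
        pin = ACCOUNTS.get(existing["account"])                     # (e)
        known = pin is not None and pin == existing["pin"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed"  # tampered or wrongly keyed ciphertext
    # (f) The key in `second` is self-supplied, so a clean decryption proves
    # nothing about identity; only the existing-account check does.
    return (True, request) if known else (False, "account check failed")

CUSTOMER = keypair(61, 53)
IMPOSTOR = keypair(47, 59)  # a valid key pair, but no matching account secret
```

A message built with IMPOSTOR decrypts cleanly at the bank and is rejected only at step (e), which is why the existing account information carries the whole identity decision.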



ABSTRACT OF THE DISCLOSURE 



A network transaction system applicable to
cyberspace banking services using an open network, which
allows customers to authenticate themselves through a
simplified procedure. A customer's terminal station and a
plurality of bank systems are interconnected via networks,
and it is assumed that the customer wishes to newly open a
bank account in a bank system among them, or a target bank
system, and that the customer has an existing bank account
in a different bank system, or a cooperative bank system.
Using his/her terminal station, the customer applies for a
new bank account by supplying the target bank system with
a ciphertext message containing existing account
information descriptive of the customer's bank account in
the cooperative bank system. The target bank system
requests the cooperative bank system to confirm the
customer's existing bank account, while forwarding thereto
a part of the ciphertext message containing the existing
account information. The cooperative bank system decrypts
the received message and confirms the validity of the
account that the customer claims to own. It then returns a
response message to the target bank system to report the
result of the account confirmation. The target bank system
decides whether to accept or to reject the application for
a new account based on the response message from the
cooperative bank system.